1. Home
    2. PAN-OS
    3. PAN-OS® and Panorama™ API Guide
    4. PAN-OS XML API Request Types
    5. Retrieve Logs (API)
    6. API Log Retrieval Parameters
    End-of-Life (EoL)

    API Log Retrieval Parameters

    Specify the log type with additional optional parameters to retrieve logs from a firewall.
    Parameter
    Description
    log-type
    The type of logs to retrieve:
    • log-type=traffic
      —Traffic logs
    • log-type=threat
      —Threat logs
    • log-type=config
      —Config logs
    • log-type=system
      —System logs
    • log-type=hipmatch
      — GlobalProtect Host Information Profile (HIP) matching logs
    • log-type=wildfire
      —WildFire logs
    • log-type=url
      —URL filtering logs
    • log-type=data
      —Data filtering logs
    • log-type=corr
      —Correlated event logs as seen in the user interface within
      Monitor
      Automated Correlated Engine
      Correlated Events
      .
    • log-type=corr-detail
      —Correlated event details as seen in the user interface when you select an event within
      Monitor
       >
      Automated Correlated Engine
       >
      Correlated Events
      .
    • log-type=corr-categ
      —Correlated events by category, currently compromised hosts seen within
      ACC
      Threat Activity
      Compromised Hosts
      .
    • log-type=userid
      —User-ID logs
    • log-type=auth
      —Authentication logs
    • log-type=gtp
      —GPRS Tunneling Protocol (GTP) logs
    • log-type=external
      —External logs
    • log-type=iptag
      —IP tag logs
    query
    (
    Optional
    ) Specify the match criteria for the logs. This is similar to the query provided in the web interface under the Monitor tab when viewing the logs. The query must be URL encoded.
    nlogs
    (
    Optional
    ) Specify the number of logs to retrieve. The default is 20 when the parameter is not specified. The maximum is 5000.
    skip
    (
    Optional
    ) Specify the number of logs to skip when doing a log retrieval. The default is 0. This is useful when retrieving logs in batches where you can skip the previously retrieved logs.
    dir
    (
    Optional
    ) Specify whether logs are shown oldest first (
    forward
    ) or newest first (
    backward
    ). Default is
    backward
    .
    action
    (
    Optional
    ) Log data sizes can be large so the API uses an asynchronous job scheduling approach to retrieve log data. The initial query returns a Job ID (
    job-id
    ) that you can then use for future queries with the
    action
     parameter:
    • action=get
      —Check status of an active job or retrieve the log data when the status is
      FIN
       (finished). This is slightly different than the asynchronous approach to retrieve tech support data where a separate status action is available.
    • action=finish
      —Stop an active job.
    • Not specified
      —When not specified, such as during an initial query, the system creates a new job to retrieve log data.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo